How to get started with a VPN in Linux

Command line private networks

The internet was supposed to be open and permissionless, transcend borders and make the world a smaller place. Some of that has been achieved, but there is also a creeping feeling that ISPs (Internet Service Providers), nation states, and web services are increasingly locking down their networks, imposing censorship and discriminating based on computer, browser, and IP address.

Many technologies aim to free information from censorship and geo-restrictions. Most restrictions are only placed on the internet artificially and superficially, and can easily be circumvented.

Even poorly configured networks often have to be bypassed using tools that were originally created to break censorship, as anybody who has had trouble connecting to their server via SSH over airport Wi-Fi knows.

The most popular way to circumvent censorship is with a VPN (Virtual Private Network).

As the name suggests, a virtual network allows you to connect to another server and establish an encrypted tunnel between it and your internet-capable device.

Once connected to the VPN, you will hopefully be able to browse the internet free from obstruction, and from a country of your choice.

Censorship protection

An Internet Service Provider (ISP) might be required by their government to introduce censorship tools or limit access to certain platforms or sites.

An ISP might also voluntarily add such restrictions, possibly out of a poor understanding of information security, or to limit the services its users can enjoy for commercial or legal reasons.

A Virtual Private Network (VPN) provider could also impose censorship, but it would not be able to get away with it for long.

Switching your VPN provider is uncomplicated and fast, and as long as the user demands an open internet, even if only in principle, the VPN provider will be forced by market powers to provide it.

OpenVPN

While most Linux VPNs only come with the insufficient PPTP preinstalled, the gold standard of VPN protocols, the open source OpenVPN, is readily available for all Linux distributions as an additional package.

OpenVPN mimics regular encrypted internet traffic, such as TLS (the successor of SSL), making it hard to distinguish from normal web traffic.

It is highly customisable and can fluidly adapt to new efforts to block it. However, dealing with the OpenVPN configuration files is not always trivial and user-friendly.

Providers routinely have to rotate servers, IP addresses, and even domain names to counter blockades.

On Linux, OpenVPN is by default a command-line tool, which you can install with sudo apt install. However, OpenVPN isn’t very convenient when using multiple servers and configurations.

You will have to download a configuration file for each server or connection variation that you intend to use, which can add up to thousands or even millions of possible configurations.

Additionally, these server settings can change, and new servers are regularly added. Old servers can occasionally be dropped, or their IP address or URL will change, requiring a user to stay up to date by perpetually downloading new configuration files.
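Since every downloaded profile decides which servers you connect to and how they are authenticated, it is worth checking one before using it. The following is an added example, not code from the original article or from any VPN provider: the sample profile and the host vpn.example.net are constructed, and the policy in audit_profile is an assumption, not a vendor requirement.

```python
import shlex

# Constructed sample profile; vpn.example.net is a placeholder, not a real server.
SAMPLE_PROFILE = """\
client
proto udp
remote vpn.example.net 1195
remote vpn.example.net 443 tcp
auth SHA512
remote-cert-tls server
verify-x509-name vpn.example.net name
<ca>
(constructed placeholder for the provider's CA certificate)
</ca>
"""

def parse_profile(text):
    """Return (options, inline_blocks); options maps a directive to its argument lists."""
    options, blocks, current = {}, {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if current is not None:              # inside <ca>...</ca> and similar blocks
            if line == f"</{current}>":
                current = None
            else:
                blocks[current].append(raw)
        elif line.startswith("<") and line.endswith(">"):
            current = line[1:-1]
            blocks[current] = []
        elif line and line[0] not in "#;":   # skip blank lines and comments
            name, *args = shlex.split(line)
            options.setdefault(name, []).append(args)
    return options, blocks

def remotes(options):
    """Expand 'remote host [port] [proto]' lines using OpenVPN's defaults (1194, udp)."""
    default_proto = options.get("proto", [["udp"]])[-1][0]
    return [(a[0], int(a[1]) if len(a) > 1 else 1194, a[2] if len(a) > 2 else default_proto)
            for a in options.get("remote", [])]

def audit_profile(text):
    """Return findings under the assumed policy; an empty list means the profile passed."""
    options, blocks = parse_profile(text)
    findings = []
    if "ca" not in options and "ca" not in blocks:
        findings.append("no ca: nothing to verify the server certificate against")
    if ["server"] not in options.get("remote-cert-tls", []):
        findings.append("no remote-cert-tls server: a client cert from the same CA could pose as the server")
    if "verify-x509-name" not in options:
        findings.append("no verify-x509-name: server identity is not pinned")
    digest = options.get("auth", [["SHA1"]])[-1][0].upper()  # OpenVPN's default HMAC digest is SHA1
    if digest in {"NONE", "MD5", "SHA1"}:
        findings.append(f"weak packet HMAC digest: {digest}")
    return findings
```

Comparing the output of remotes() for an old and a new copy of a profile shows which servers, ports, or protocols changed between downloads.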

Despite the inconvenient setup, OpenVPN remains an excellent protocol. ExpressVPN uses it by default across all its applications and has built a neat solution to make using a VPN on Linux simple.

Linux CLI

The ExpressVPN Linux CLI (command line interface) does away with the hassle by requesting a list of available servers and configurations from the server directly, invisible to the end user.

All the user needs to do is select their preferred country, city, or even individual server. The application automatically chooses the fastest server relative to the current location of the user.

The application is built on the OpenVPN protocol and supports both TCP and UDP data communications. Using simple commands, you can connect to the ExpressVPN network, list all servers, and show your current connection status and diagnostics.

You can also define your preferred protocol and choose whether you would like to auto-connect through the preferences command.

The CLI version of ExpressVPN is available for a broad range of Linux distributions (distros), such as Debian, Ubuntu, CentOS, and Fedora.

It very likely also works with distros built from a fork of these platforms and results in a coherent and smooth user experience requiring zero tweaking.

The Linux ecosystem is diverse and vibrant, with people using a large variety of servers and home computers for many reasons, which is why ExpressVPN works across this ecosystem and brings big benefits for many use cases, from watching movies to defending against rogue ISPs.

Few VPN providers support Linux using OpenVPN certificates like ExpressVPN does, and almost nobody has dedicated applications for a small but strong and savvy customer segment.

ExpressVPN is a fast and reliable VPN service that consistently breaks internet censorship and provides reliable protection from snooping and injection, even in adversarial conditions.

RSA certificates are signed with a 4,096-bit long key and identified with an SHA-512 hash, making sure that even a strong adversary is not able to intercept your connection in a man-in-the-middle attack or inject any malicious data.

Free and open

VPNs are the ultimate net neutrality tools and can be used to fight against surveillance, censorship, and geoblocking.

While you may feel that you have limited choice in your ISPs, perhaps due to market manipulation, geography or politics, VPN providers compete among hundreds of global providers for reliable service and unrestricted access, which comes with significant benefits to the end user.

VPN providers typically do not own internet infrastructure, such as fibre cables. They only own servers, which are scattered around the world’s jurisdictions.

Because of the virtual nature of VPNs (unlike physical ISPs), they can choose to be based in jurisdictions that have no laws requiring them to turn over user data to the state or ISPs.

They are also able to minimise their legal footprint to evade copyright notices and lawsuits and don’t have to pass them on to their users to stay in business.

Keep in mind that it is technically possible for a VPN provider to keep logs, although ExpressVPN doesn’t. It’s important to look into the Terms of Service contract, marketing materials, and media coverage to see if the VPN is keeping records.

It’s fair to say that were a VPN provider to keep customer files and hand them over to courts or law enforcement, it would become known relatively quickly and would destroy the reputation of the vendor.

A VPN provider doesn’t need to know who its customers are. Usually, an email address for password recovery and occasional communication is enough, but technically not required.

Payments can be settled anonymously with Bitcoin, and there’s no need to hand over compromising material. While an ISP has to know exactly where you live, a VPN doesn’t actually care.

Strong anonymity

Additionally, the encryption technique behind Virtual Private Networks, especially if applied as thoroughly and diligently as ExpressVPN does, allows a user to tunnel through the physical infrastructure of their local provider.

Using the VPN deprives the ISP of the ability to log the outgoing and incoming connections of their client.

ISPs already violate international net neutrality agreements by giving preference to some services, and throttling others.

A VPN allows you access to an internet unfettered by harmful collusion and cartelisation, and will actually increase your internet speed in cases of intentional ISP throttling.

When surfing the internet from your home or mobile phone, your IP address is exposed to every website you visit and every service you connect to, which makes it relatively easy to de-anonymize you.

While strong anonymity online requires more than just a VPN, protecting your IP address is a much-needed step, whether you need protection against harassment in chat forums or DDoS attacks on your gaming device.

VPNs are incredibly useful against surveillance and censorship and offer simple privacy protection. ExpressVPN shines with their well-applied encryption protocols, such as OpenVPN, and has a fast and reliable network of over 1,000 servers in 136 countries.

ExpressVPN stands out with an easy-to-use command line interface that is available for most Linux distros.